SSO_dat[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SSO_dat.dll
Size

5.7MB
MD5

8365c982a54f510a5ceeb99594d385b0
SHA1

6a09b70bd85b26d0f00278c4306f809bb2c8cf02
SHA256

4cd1af20dca5d01a352cfe04a640b816637749f96ef3ea8c0186a0d40eb7de40
SHA512

258aa71609c70bb33555577b7435471789a8ca80b1b1db6cd775625a2d1ee0ef4cb4275960d1ed6c5351ca6ca987a493ef61beced885682d63f2cf355f678553
SSDEEP

98304:LLOnMhcb/Z+/wILP7Tt1HEZCctT9h0Ai9H1WzYy6o0r9u+8bGtt3pJDD:LCMhcg/jVBEoctTbDC1WzYQ0rY+8QxpJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Program Files (x86)/Xiaomi/Xiaomi Camera Viewer/SSO_dat.dll

Files

SSO_dat.dll
.zip

Password: S@ndb0x!2023@@
Device/HarddiskVolume4/Program Files (x86)/Xiaomi/Xiaomi Camera Viewer/SSO_dat.dll
.dll windows x86

Password: S@ndb0x!2023@@

d2a9e5a9281e90698fab2e9f21b69161

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
VirtualQuery
LocalAlloc
GetModuleFileNameW
LocalFree
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

libcrypto-1_1

AES_cbc_encrypt

sso_log

?utils_LogW@@YA_NHPA_WZZ

shlwapi

PathFileExistsW

iphlpapi

GetAdaptersAddresses

wtsapi32

WTSQuerySessionInformationW
WTSSendMessageW

user32

GetSystemMetrics
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCreateKeyExW

ole32

CoCreateGuid

oleaut32

SysAllocString

Exports

Exports

dat_LoadPassToken
dat_SavePassToken

Sections

.text
Size: - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Akp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Akp1
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S@ndb0x!2023@@

Password: S@ndb0x!2023@@

d2a9e5a9281e90698fab2e9f21b69161

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

libcrypto-1_1

sso_log

shlwapi

iphlpapi

wtsapi32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 174KB

.rdata Size: - Virtual size: 69KB

.data Size: - Virtual size: 7KB

.gfids Size: - Virtual size: 572B

.tls Size: - Virtual size: 9B

.Akp0 Size: - Virtual size: 3.4MB

.Akp1 Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 174KB

.rdata
Size: - Virtual size: 69KB

.data
Size: - Virtual size: 7KB

.gfids
Size: - Virtual size: 572B

.tls
Size: - Virtual size: 9B

.Akp0
Size: - Virtual size: 3.4MB

.Akp1
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB